On 27/10/2011 12:59 πμ, Nerijus Kislauskas wrote:
(a) group needs "read" permission on result_attribute attributes, while (b) group needs only "search" permission. What I want from all ot this, that postfix would be able to work with minimal required ldap access permissions. And now you require "read" for both of them. Pity.
Now come on, Nerijus, there is no associated security risk with that. If you feel uneasy, create a separate LDAP user with proper access rights just for postfix use. Providing postfix user with read access to lookup tables won't cause any harm to LDAP security.
If you feel this is an imperfect scenario (which is debatable), keep in mind that we can not bring things to perfection. Have you perfected all your other coding and/or administrative tasks?
We are all striving for perfection, but some things might not or should not need to be stretched more than they are because we live in a world of priorities and time/effort is a scarce resource. And Postfix is close to perfection anyway (at least for most of people). :-)
Nick
smime.p7s
Description: S/MIME Cryptographic Signature
